CVE-2025-4802

Exploit

EPSS 0.01%
Published 16.05.2025 19:32:50
Last modified 17.06.2025 14:09:23
Source 3ff69d7a-14f2-4f67-a097-88dee7
Teams watchlist Login
Open Login

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Gnu ≫ Glibc Version >= 2.27 <= 2.38

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.009

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e

Patch

https://sourceware.org/bugzilla/show_bug.cgi?id=32976

Issue Tracking

http://www.openwall.com/lists/oss-security/2025/05/16/7

Mailing List

http://www.openwall.com/lists/oss-security/2025/05/17/2

Exploit

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-4802

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-4802

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-4802

EUVD